The FBI created a fake news story on a phony webpage designed in the style of a Seattle newspaper to nab a bomb threat suspect in 2007, according to documents obtained by a civil liberties group.
The bogus link was sent to a suspect tied to a series of bomb threats received by Timberline High School in Lacey, Washington, from May 2007 to June 2007. Once the link was opened, the FBI in Seattle was able to plant software on the suspect's computer, according to the documents released by the Electronic Frontier Foundation, a San Francisco-based non-profit that defends civil liberties online.
“We are outraged that the FBI, with the apparent assistance of the U.S. Attorney’s Office, misappropriated the name of The Seattle Times to secretly install spyware on the computer of a crime suspect,” Seattle Times editor Kathy Best said in a statement.
“Not only does that cross a line, it erases it,” she said.
The Electronic Frontier Foundation's documents showed that the FBI's story had an Associated Press byline and a link "in the style of The Seattle Times," complete with subscriber and advertiser content. It was sent to the suspect's MySpace account, and once opened, software sent his location and Internet Protocol information to the FBI, the Seattle Times reported based off the documents.
The AP also criticized the FBI.
"We are extremely concerned and find it unacceptable that the FBI misappropriated the name of The Associated Press and published a false story attributed to AP. This ploy violated AP’s name and undermined AP’s credibility," Paul Colford, director of media relations at the AP, said.
The suspect, a juvenile, was arrested on June 14, 2007. The special agent in charge of the FBI in Seattle defended the technique, according to The Seattle Times.
“Every effort we made in this investigation had the goal of preventing a tragic event like what happened at Marysville and Seattle Pacific University,” Frank Montoya Jr. said in a statement, referring to recent fatal school shootings in the Seattle area. “We identified a specific subject of an investigation and used a technique that we deemed would be effective in preventing a possible act of violence in a school setting.
“Use of that type of technique happens in very rare circumstances and only when there is sufficient reason to believe it could be successful in resolving a threat,” he said.
But Christopher Soghoian, the ACLU principal technologist who tweeted the revelation Monday, said he felt the move was as big of a violation of public trust as the sham vaccination program that the U.S. government famously ran in Pakistan to gather intelligence about Osama bin Laden's whereabouts.
"Impersonating the press is just as outrageous as impersonating doctors. The press plays such a vital role in our democracy and if people believe that clicking on a link to a newspaper is going to get them infected with FBI malware, they may be hesitant to read certain articles," he said.
Creating a fake news story to catch a suspect is unprecedented, Soghoian said.
"It's one thing for the government to go undercover using a fake identity. But it's an entirely different thing for the government to impersonate a real person or a real organization, and in doing so, put their reputation at risk."